This is EH-Net's first of hopefully many more webcasts. How many more we do depends greatly on the size of the audience we reach. So now is the time for you to help the entire EH-Net Community by spreading the word and getting as many as you can to attend. Many thanks in advance.

The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. "Think like our enemy!" That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn't it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense.

Join world-renowned social engineers, Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Tuesday March 10, 2009 at 11:00 CST is your primer to the world of "Modern Social Engineering."

Let us know what topics you'd like for us to cover in the future,

Don

Last edited by don on Wed Mar 11, 2009 12:31 pm, edited 1 time in total.

Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread.

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

DAMNIT.. I wrote a resp for about 20 min.. and the site timed me out F%$#^%#

ok.. I'll go backwards.

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

It's hard to show you everything without going over the whole class, but I can tell you some things. The outline is about 10 pages of bullets. Each section from intel collection to - gigging for information comes with training, examples, tools, practical exercise, and scenarios to make you put it all into play.

And what the hell.. don knows I am a liability... so here's a lil 0day.

don wrote:Thanks everyone for the compliments on and offline. There were many questions we just couldn't get to, even though we allowed about another 10 - 15 minutes of Q&A. Then again, that's why we have this thread.

Here are a few more questions for the guys:

1. What are some ways that I can convince my boss that we should add SE into our normal pen tests both internally and externally?

2. How can I measure ROI for the SE portion of pen testing?

3. I know you mentioned Core IMPACT and Maltego. Can you expand on some of the more technical components that will be in the class?

Don

Question #1 is what I was wondering. A corollary to that is, how do I get him to pay for my training?

The webcast was recorded in a video format. I am reviewing it now. Give me a little bit to review, clip the start and ending, convert, etc. But it will be made available soon for those who didn't catch the coupon code for basically half off the ChicagoCon training.

Here are some more questions for Chris & Mike that didn't get answered during the live event:

Q: On a PenTest team, what is the best way to collaborate what you have found? I pentest and I have found that communication breakdown is one of the biggest problems within the PT team social context.

Q: It seems to me that there is not an organization out there that would not fall for a client side attack. There is always at least one person that will click on a malicious link. Would a failure of such a test be the user clicking on a link, or lack of a safeguard such as A/V to prevent the malicious code from doing its thing?

To combine a bunch of questions... how does someone get into pen testing? What are your general thoughts on certs like CISSP? What foundational training would you recommend as a starting point?